Help with creation of script to set user's home drive as read only with delete

Fellow PowerShell users

I was asked to put together a script to set a acl (access control list) on a Home drive. Created a .csv file as a source with the user to change which it retrieves from the username.csv file.

What I need do is to set it to “read only with delete rights”. Below is what I’ve put together so far…

#Script to set User's H drive to Read & delete only.
Import-Module 'ActiveDirectory'
import-csv H:\username.csv | foreach-object{
    $homeDrive = (Get-ADUser -Identity $_.name -Properties homedirectory).homedirectory #Query AD for the HomeDrive attribute
    $ACL = Get-Acl $homeDrive
    $ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Read", "ContainerInherit,ObjectInherit", "none", "allow")))
    $ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Delete", "ContainerInherit,ObjectInherit", "none", "allow")))
    Write-Output $homeDrive
    Write-Output $ACL
    pause
    Set-Acl $homeDrive $ACL
}

Seems like it will do one or the other but not both. Any help would be appreciated.

RS

you can use Read and Delete as an array @(‘Read’,‘Delete’)

New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, @('Read','Delete'), "ContainerInherit,ObjectInherit", "none", "allow")

Thank you. I will test this.

Also, how do I output all results to a txt file? Is this even possible? Still learning PS. :slight_smile:

If you’re seeing the results you want at the console during the execution, you can just pipe the output to Out-File.

#Script to set User's H drive to Read & delete only.
Import-Module 'ActiveDirectory'
import-csv H:\username.csv | foreach-object{
    $homeDrive = (Get-ADUser -Identity $_.name -Properties homedirectory).homedirectory #Query AD for the HomeDrive attribute
    $ACL = Get-Acl $homeDrive
    $ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Read", "ContainerInherit,ObjectInherit", "none", "allow")))
    $ACL.setAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule($_.name, "Delete", "ContainerInherit,ObjectInherit", "none", "allow")))
    Write-Output $homeDrive
    Write-Output $ACL
    pause
    Set-Acl $homeDrive $ACL
} | Out-File -Path C:\outputFolder\Output.txt

kvprasoon

Thanks for your tip. Can i ask why the following line is with a @( ?

@(‘Read’,‘Delete’)

Makes it an array of strings.

With the output command you mentioned, I get the following error.

Out-File : A parameter cannot be found that matches parameter name ‘Path’.
At H:\Onedrive project\Hdrive_ReadDeleteonly.ps1:11 char:14

  • } | Out-File -Path H:\results.txt
  • CategoryInfo : InvalidArgument: (:slight_smile: [Out-File], ParameterBindingException
  • FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Commands.OutFileCommand

Should I be using a different path command?

 

Should be -FilePath. https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/out-file?view=powershell-6

I thank everyone who contributed their suggestions but now I need one more thing to set in the script.

Apparently the script worked perfectly, but now I need to ensure that “traverse folder” access is granted so that their H drive doesn’t disappear and show access denied. :slight_smile:

What is the line to give traversal folder access with read only and delete only?

Any help is greatly appreciated.